\section{Related Work and Conclusion} \label{sec:conclusion}
As highlighted by Devanbu et al. in \cite{roadmap}, the update of a system policy often raises the question of whether the mechanisms enforcing the policy in the code are able to correctly 
enforce the new policy. This problem is particularly challenging when there is no documentation of mechanisms enforcing the policy in the application code. 
In \cite{accesscontrolaspect}, Ray et al. have proposed an approach to locate access control concerns as a separate aspect that can be reusable as patterns. 
The separation of access control concerns at the system design level enables to ease the process of updating access control 
mechanisms. In our work, we focus on applications that do not take the problem of cross cutting concerns into consideration since access control mechanisms are scattered across our 
policy-based software. In our previous work \cite{legacy}, we have proposed a test-based approach to detect hidden access control mechanisms that consists in analyzing system response to incoming requests. 
However, we have assumed that the PEPs are visible and documented. 
In comparison with our previous work, the current contribution does not make any assumptions regarding the visibility of PEPs. Moreover, we 
propose techniques that allow to map every possible access in the application to the PEP in the application code which controls it (if this PEP exists). Our technique also provides
 valuable information for the analysis of the security policy specified by the security officers. We also suggest techniques for the resolution of inconsistencies between the policy
 explicitly specified by security officers and the application code.

As future work, we plan to consider other possible dependency relationships  between classes and study how their integration affects our approach. We are also working on a tool 
implementation which analyzes the abstract syntax of UML to extract relevant informations that are required to analyze security policies. Another current research direction is the 
use of our technique to develop PEP-PDP performance optimization techniques. In particular, we will investigate how the knowledge of possible interactions between PEPs and 
PDP can be used to improve the performance of the overall decision making process. 






